Head of IT Security and GRC
Vitoria, Brazil or Remote, Brazil
Trustly
Trustly, as a simple and fast online banking payments solution, enables consumers and merchants to carry out in and out payments using their bank account. Our digital account-to-account platform redefines the speed, simplicity, and security of payments. Consumers pay for purchases by simply signing into their bank accounts, bypassing the card networks, and never leaving a merchant’s site or app – no credit card numbers or separate account setup necessary. With offices in Vitoria, Brazil, Silicon Valley in the US, and global headquarters in Stockholm, Sweden, we are a culturally diverse team. Across Brazil, we have embraced a remote work-from-home policy.
At Trustly, we believe that inclusion and diversity are essential foundations for building a fair and equitable society. We do not discriminate based on race, religion, ancestry, color, national origin, gender identity, sexual orientation, age, citizenship, marital status, or disability status. Our main goal is to provide a fair, welcoming, diverse environment with opportunities for all collaborators. The stages of our selection process take place online and without distinction of any kind.
It’s a great time to join Trustly as the Americas team is growing fast. If you thrive in an entrepreneurially-minded, fast-paced, casual, professional, positive, and rewarding work environment, check us out!
What you'll do:
- Responsible for IT Security strategic planning and information security policies;
- Keep the management team informed of Information Security, Data Protection and GRC matters through regular Information Security Committee meetings;
- Promote a culture of security and privacy within the company through the security awareness program;
- Identify, assess and manage IT Security and Compliance risks and enforce the implementation of key controls to mitigate significant risks;
- Ensure the effectiveness of IT controls through the Control Self Assessment, enforcing corrective actions when deemed necessary;
- Ensure that the organization complies with Data Privacy laws, such as the CCPA and GDPR;
- Ensure that the IT department maintains SSAE18 and SOC 2 compliance at all times as well as other compliance related processes required by merchants, vendors and other third parties;
- Conduct IT Security programs in order to obtain additional certifications (e.g. ISO 27001/27701);
- Perform vendor due diligence and security reviews;
- Support Legal and business teams in reviewing agreements (MSAs, NDAs, MNDAs, etc.) with vendors, partners and clients, especially concerning data privacy and IT security matters;
- Main point of contact for attending external audits / due diligence comprising Data Protection, IT Security and GRC matters;
- Facilitate the implementation of SecOps strategic projects, such as cloud platform security, application security, vulnerability and threat management, endpoint security, patch management, disaster recovery and incident response;
- Ensure appropriate Incident Response process is followed and investigation / post mortem activities take place promptly and completely;
- Ensure Business Continuity and Disaster Recovery processes are followed, tests are performed and corrective actions are implemented in a timely manner.
Who you are:
- Bachelor’s degree in Computer Sciences, Management, Engineering or related areas;
- Experience with Information technology;
- Experience in a management role;
- Advanced English;
- Advanced skills in information security, GRC, Data Protection, Privacy, Risk Management, Amazon AWS, Incident Management and Response.
Our perks and benefits:
- Bradesco health and dental plan, for you and your dependents, with no co-payment cos
- Sulamérica life insurance with differentiated coverage
- Meal voucher and supermarket voucher
- Home Office Allowance
- Gympass - Platform that gives access to spaces for physical activities and online classes
- Trustly Club - Discount at educational institutions and partner stores
- Monthly happy hours with iFood coupon
- English Program - Here you have space to develop your English, and you can choose an Online Platform or English Classes in company
- Extended maternity and paternity leave
- Birthday off
- Flexible hours/Home Office - our culture is remote-first! You can work from any city in Brazil
- Welcome Kit - We work with Apple equipment (MacBook Pro, iPhone) and we send many more treats! Spoiler alert: Equipment can be purchased by you according to internal criteria!
- Annual premium - As a member of our team, you are eligible to receive an annual bonus, at the company's discretion, based on the achievement of our KPIs.
- Referral Program - If you refer a candidate and we hire the person, you will receive a reward for that!
At Trustly, we embrace and celebrate diversity of all forms and the value it brings to our employees and customers. We are proud and committed to being an Equal Opportunity Employer and believe an open and inclusive environment enables people to do their best work. All decisions regarding hiring, advancement, and any other aspects of employment are made solely on the basis of qualifications, merit, and business need.
Want to make a difference in a fast-growing business? Apply now!